Monitoring test takers remotely is critical to ensuring the integrity, security and fairness of your online assessments. In today’s world climate, many institutions have no choice but to move their tests online in order to continue to safely provide educational services to their learners. Now they are turning to solutions that include student facing security tools, like remote video proctoring, as a solution for tracking test takers’ activity outside of the classroom or test center.
However, remote proctoring comes with new challenges, especially when it comes to test-taker data and privacy considerations. In this post, we offer 4 tips from the ATP Privacy Guide for implementing remote proctoring in your assessment programs that will help you to mitigate many of the common privacy and safety concerns associated with the solution.
Implement Data Privacy Standards
The principles of privacy by design and privacy by default help organizations looking to implement remote proctoring solutions better ensure student data protection.
Privacy by design for a system incorporates privacy measures from the ground up, rather retrofitting protections into the solution after the fact. Following this approach requires that organizations consider the features of the solution before collecting and processing any test-taker data, making it easier to mitigate privacy challenges in data retention.
Privacy by default, or personal information minimization, includes “collecting, processing, and sharing the minimum personal data necessary, keeping that data for the minimum amount of time, and, where possible, allowing individuals to make choices about the treatment of their personal data in the provision of a service or product.”
Along with technical and policy measures, video proctoring solutions that follow these privacy standards enable organizations to reduce the risk of compromising critical information and ultimately support the integrity and security of the testing data.
Establish a Consistent Video Policy
Ensuring assessments are fair and unbiased is a continuous challenge online assessment programs must rise to meet. Establishing a video policy and applying it consistently across your testing programs, at all levels of your organization, helps you create a fair and streamlined experience for your test takers. Doing so also requires that organizations navigate through the formalities of video proctoring, and make decisions based on business analysis rather than an ad-hoc approach.
Policies, whether general, related to security or data retention, also enable organizations to define a uniform response to any requests or objections being raised about video proctoring. This could mean anything from responding to requests or objections in the act of recording, data retention and beyond. ATP notes that organizations should review and update their policies as needed, typically on an annual cycle. However, the timeline for reviewing and updating your policies may be unique based on your organization’s specific analyses and needs.
Establish a Data Retention Policy
Falling in line with establishing a consistent video policy is how you define your approach to data retention. Again here, consistency is key. If there are discrepancies across your organization in terms of the duration for which you hold student data, you should have a justified reason based on business analysis, which should be reflected in your data retention policy.
You will want to consider and document what types of data you will be retaining, and the purpose for doing so. ATP notes:
“Typically, under every privacy law, personal data generally may only be stored for the time period necessary to achieve the purpose for which the data was collected (e.g., GDPR). However, EDPB Guidance 3/2019 indicates that the video should not be kept more than 72 hours, unless there is a strong justification for the legitimacy and necessity of a longer period.” – ATP Privacy Guide
There are many good reasons for why an organization would retain video data for longer than 72 hours. An organization may also determine that different retention periods are needed for different situations. In this case, they may conduct and document a Legitimate Interest Assessment (LIA) as evidence to define and justify the duration for which the data will be held, weighed against test-taker privacy rights. After the period(s) for data retention are defined, an organization should put a process in place to erase the data from the system.
Share your Video Proctoring and Data Policy with your Test-Takers
Organizations that are transparent with their video and data policy and actively share that information with their test-takers can help them mitigate any unforeseen legal challenges or objections test-takers might raise. For example, it’s critical that you let your test-takers know that they are being recorded. Typically, in remote testing, this is clear at the onset of the test, as test-takers are walked through the video setup. However, ATP advises also including a note or dialogue box with clear details on what is being recorded and how that recording will be used. This helps create a paper trail in the case that a test-taker claims they did not know they were being recorded. It also provides a sense of transparency to the test-takers.
Security, personal data protection and privacy video are continuously prevalent across any organizations collecting such information. In learning and assessment following the guidelines set by ATP can help you maintain a tight process that eliminates those risk factors and more. For more information, take a look at ATP’s Privacy Guidance documentation, sourced below.
Source: Kleeman, J., Armstrong, J., McPartland, D., Mulford, A., & Thiemann,, A., Esq. (2020). PRIVACY GUIDANCE WHEN USING VIDEO IN THE TESTING INDUSTRY [PDF]. Washington, DC: Association of Test Publishers.